HP Cisco MDS 9216A Cisco MDS 9000 Family Storage Media Encryption Configuratio - Page 272
Assigning Cisco SME Roles and Users, Creating Cisco SME Fabrics, Installing SSL Certificates
View all HP Cisco MDS 9216A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 272 highlights
Preconfiguration Tasks Appendix F Planning For Cisco SME Installation Send documentation comments to [email protected] • Set the FC Redirect version to 2 (if you are using SAN-OS Release 3.1(1a) or later, or NX-OS 4.x). To learn more about enabling the version2 mode, refer to the "fc-redirect version2 enable" section on page A-12. Note To learn about enabling these services, refer to Chapter 2, "Getting Started." Assigning Cisco SME Roles and Users The Cisco SME feature provides two primary roles: Cisco SME Administrator (sme-admin) and the Cisco SME Recovery Officer (sme-recovery). The Cisco SME Administrator role also includes the Cisco SME Storage Administrator (sme-stg-admin) and Cisco SME KMC Administrator (sme-kmc-admin) roles. To set up the roles and users, note the following guidelines: • Create the appropriate Cisco SME roles, that is, sme-admin and/or sme-stg-admin and sme-kmc-admin, and sme-recovery in the Advanced Master Key Security mode. • Choose separate users for the sme-kmc-admin role and the sme-stg-admin role to split the responsiblities of key management and SME provisioning. To combine these responsibilities into one role, choose the stg-admin role. • Use the Fabric Manager to create users for sme-admin, sme-stg-admin, and sme-kmc-admin roles as appropriate. • In the Advanced mode for the master key, create three or five users under the sme-recovery role. • Create users on the switches for all of these roles. To know more about the roles and their responsibilities refer to the "Creating and Assigning Cisco SME Roles and Cisco SME Users" section on page 2-9. For detailed information on creating and assigning roles, refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide and the Cisco MDS 9000 Family CLI Configuration Guide. Creating Cisco SME Fabrics When creating Cisco SME fabrics, note the following guidelines: • Add the Cisco SME fabrics using the Fabric Manager Web client. Modify the names to exclude switch names from the fabric name. • The fabric name must remain constant. You cannot change the fabric name after you have configured Cisco SME. For more information, refer to the "Adding a Fabric and Changing the Fabric Name" section on page 2-13. Installing SSL Certificates To create SSL certificates, do the following tasks: • Follow the procedure specified in Appendix C, "Provisioning Self-Sign Certificates," to install SSL certificates on the switches and the KMC. • Use the same password at every step of the installation procedure to simplify the process. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide F-6 OL-18091-01, Cisco MDS NX-OS Release 4.x